ideate
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates untrusted user input (topics and external file content) directly into subagent prompts (Proposer and Critic) without using boundary markers or "ignore embedded instructions" warnings.
- Ingestion points: User-provided
topicandcontext(codebase paths/files) are used to populate subagent prompts in SKILL.md. - Boundary markers: Absent. The Proposer and Critic prompts directly embed external strings and file content from
/tmpwithout delimiters. - Capability inventory: Shell command execution (
date) and local file read/write access are required for the ideation workflow. - Sanitization: No sanitization or validation of user-provided strings is mentioned in the instructions.
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands (specifically
date +%s) to manage the ideation timer. Additionally, it uses user-supplied strings (thetopic-slug) to construct file paths in the/tmpdirectory. This creates a potential command or argument injection surface if the underlying agent implementation executes these operations via a shell without prior sanitization of user inputs.
Audit Metadata